Lucene search
+L

4 matches found

Code423n4
Code423n4
•added 2024/01/08 12:0 a.m.•15 views

[H1] Custom upgrade functionality is dangerous

Lines of code Vulnerability details Impact ​ Unsafe upgrade can break protocol Analysis of the vulnerability You are using a custom upgrade for the tokenomics contract not following UUPS standard function changeTokenomicsImplementationaddress implementation external // Check for the contract...

7AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/24 12:0 a.m.•10 views

Proxy storage collision - contracts might be bricked

Lines of code Vulnerability details The proxy contracts save the implementation variables in the first storage slot see links above. This will lead to storage collusions when the implementation contract tries to read/update the first storage slot. For the implementation contract, the first storag...

6.6AI score
Exploits0
Code423n4
Code423n4
•added 2022/05/15 12:0 a.m.•9 views

Initialization function can be front-run

Lines of code Vulnerability details Impact The call to the initialize function can be front-run, and a malicious provider can be passed in and set to addressesProvider on any contract that inherits GeneralVault. This is significant because the onlyAdmin modifier checks if the msg.sender is...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/04/01 12:0 a.m.•14 views

STORAGE COLLISION BETWEEN PROXY AND IMPLEMENTATION (LACK EIP 1967)

Lines of code Vulnerability details Impact Storage collision because of lack of EIP1967 could cause conflicts and override sensible variables Proof of Concept contract CoreProxy is Ownable address private immutable implement; When you implement proxies, logic and implementation share the same...

6.8AI score
Exploits0
Rows per page
Query Builder